View Full Version : What's so special about a router?



sn0wflake
03-26-2004, 06:55 PM
What's so special about a NAT router compared to a switch?

Rootman
03-26-2004, 08:07 PM
What's so special about a NAT router compared to a switch?
Quite a bit actually. A switch (or hub) is simply a TEE of sorts, it connects all the computers attached to it together so that they can talk to each other. If you hook a hub or switch to a broadband connection then each PC connected to it will get an Internet IP address (provided your ISP will dole out an address to just any PC connected to its line). This puts the machines out on the Internet completely naked and exposed. They can see out and anyone can see in.

A router on the other hand is a device that places itself on the outside and makes an internal LAN on the inside using non-routable private IP addresses. A router can include a hub / switch but does not have to. Sometimes they have only 2 ports - INSIDE (LAN) and OUTSIDE (WAN) and additional devices are connected to a switch or hub that is connected to the router. When PCs are connected together this way they see each other but they are reasonably hidden from the big bad Internet. NAT stands for Net Address Translation, you communicate to the Internet through the router, the router takes your internal non-routable IP address, sticks its own OUTSIDE Internet Routable address on it and sends the request down the pipe to the Internet resource. The packets come back to the router, the router knows who on the inside sent the request and it forwards it to them. A router can also stop certain port numbers from being contacted by anyone inside or outside. Some can do content filtering.

The best analogy I can think of is a business phone system. Everyone in your company could have an outside line and you could dial your pal in the other office down the hall by dialing a full number (i.e. 555-1234), go OUT through the Telco's interchange and back INTO your business. This would work but you'd have to pay the Telco for EVERY line you wanted to use. This is like your hub / switch on the Internet.

More commonly a business phone system will have its own internal phone system typically called a PBX (Private Branch Exchange). You could dial anyone up inside the company using just 3 or 4 digits (i.e. 1234). You could pay the Telco for maybe 10 outside lines and everyone in the company shares them. You communicate locally with your PBX and the conversation never hits the Telco's lines. This is like a router on the Internet.

Hope this 'splains ya'.
----
Visit my homepage: http://www.cox-internet.com/stevedavis/ - BORING! ;-}

sn0wflake
03-27-2004, 06:08 AM
Thank you Rootman. Your explanation gave me a good insight into routers and switches :)
Viva Chilipepper!

Pingüino
03-31-2004, 07:23 PM
So you can connect any hub or switch to a broadband internet connection and then all the PCs connected to the hub will have an internet connection without one of them running a proxy server? I mean, in this case, you can turn on any computer in the network indistinctly and have internet with the other PCs turned off? I know this would be unsafe, but I thought that this could only be done with a router. I mean assuming that the modem of the internet connection is a single modem, not a modem-router.

Greetings, and I apologize if you find something hard to understand, I know my English isn't the best when making long sentences is necessary :P

mandu
04-01-2004, 10:09 PM
Technically Speaking,
A switch routes packages up to layer 2. Meaning, it will only route packages from the same type of protocol. For instance, if your network is Ethernet (most homes nowadays) it will be able to send packages from one computer to another.

A router is a layer 3 device. So it is able to route packages of different protocols. In other words, it can route packages from different types of networks. E.g. Ethernet<--->Apple Talk.

A practical example would be:
You have 3 PCs connected to each other using a switch (or a cheaper hub) using Ethernet as your protocol. Now you want to connect your home network to the Internet via a DSL (usually PPPoE protocol) line. You will need a router to act as the gatekeeper between your network and the internet.
But... always remember, you can set up your Linux box as the router, so all the routing job can be done by your box.
Now, if you want a dedicated router, go for it :D

I hope it helps :)

mandu
04-01-2004, 10:17 PM
By the way,
For a computer to act as a router, it will need:
- at least 1 interface with the same protocol as your network (e.g. Ethernet)
- at least 1 interface with the protocol of your broadband network (e.g. PPPoE or in your case a modem with PPP)

Now, most routers would have a DHCP server. This protocol will assign an IP address to a computer connected in YOUR network. So if you set your home PC to get the IP from your server, and then you set your router as the gateway, then it will automatically route your packages out of your house with a single internet connection.

I hope it helps. :D

Rootman
04-01-2004, 10:36 PM
So you can connect any hub or switch to a broadband internet connection and then all the PCs connected to the hub will have an internet connection without one of them running a proxy server? I

Perhaps, if your broadband provider will give each of your PCs an IP address - think of it as a unique phone number to the internet. Most ISPs will only give one or two IPs without requiring you to pay more money for each IP given out.

If your ISP will give each PC an IP then YES, you can have full Internet availability to each PC as well as talk to the other PCs. But by doing so your PCs are naked on the Internet and WILL be hacked sooner or later.

Buy a cheap router or make one with an old PC.
----
Visit my homepage: http://www.cox-internet.com/stevedavis/ - BORING! ;-}

mandu
04-02-2004, 08:14 PM
The beauty of a router is that it will allow you to hide your network behind it. So you WILL be able to have multiple computers going through the internet using only 1 assigned IP address (assigned by your ISP).

That's what you call a "PRIVATE NETWORK". Let me give you an example. Let's say your ISP assigns an IP address to you: 150.10.1.30
So only 1 computer can access the internet using 150.10.1.30

What if only 1 computer (let's call it PC1) is connected to the internet using 150.10.1.30 and also many other computers are connected to this PC1. Then all the other computers will be able to access the internet through PC1.

PC2[10.1.1.2]
PC3[10.1.1.3]-----[10.1.1.1]PC1[150.10.1.30]
PC4[10.1.1.4]

So it means that the router has 4 Ethernet ports (all with 10.1.1.x IP) and one modem using PPP with IP[150.10.1.30]

The job of PC1 will be to make sure that it will send and receive a packet sent by PC2 to the internet and route the packets coming from the internet for PC2 to PC2.
That's the beauty of a router.

So if you look at it, you will find that routers will have 1 port for broadband, usually for DSL or cable, and 4 or 5 100BT connections. Your router will allow at least 5 computers to be connected to it... Of course, you can always have a hub and then increase the number of PCs connected to the router.

The easiest way is to enable the DHCP server in your router, so it will generate an IP for any computer being connected to it.

Let me tell you that security is not an issue. You just need to make sure that your router is properly configured.

Now, if you don't have broadband... and you only have a modem... then, my advice, get a dirt cheap computer with:
- 1 Ethernet card
- 1 Modem
- install LINUX
- configure the LINUX so it will have DHCP, and other firewall functions.
- 1 hub

Then.
- Configure your modem connection with your ISP
- Connect the LinuxPC to the hub
- Connect other PCs to the hub.
Make sure that those PCs are configured without IPs and they are set to get the IP from a DHCP server (they can run Windows or Mac, or Linux)

And that's it! Man... you have a home made router :)

If you really want to learn about a router, or actually about the internet, go to this site:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm

It is one of the best documents about Internetworking.

my 2 cents :)
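
[Added example, not part of any post in this thread.] The translation step Rootman and mandu describe (the router "knows who on the inside sent the request") can be modelled as a small lookup table. The sketch below uses the addresses from mandu's diagram; the port numbers, remote hosts and the strict reply-matching policy are assumptions made for illustration, and real routers differ in how strictly they match replies.

```python
# Toy port-address-translation (NAPT) table. LAN/WAN addresses follow the
# diagram in the thread; ports and remote hosts are constructed sample data.
from dataclasses import dataclass, field

WAN_IP = "150.10.1.30"  # the single ISP-assigned address from the thread

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatRouter:
    wan_ip: str = WAN_IP
    next_port: int = 40000                       # constructed starting port
    out_map: dict = field(default_factory=dict)  # LAN flow -> WAN port
    in_map: dict = field(default_factory=dict)   # WAN port -> LAN flow

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the WAN address."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.wan_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: forward only replies that match a known flow."""
        entry = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.wan_ip or entry is None:
            return None                          # no mapping: dropped
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                          # not the peer we contacted
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def demo():
    router = NatRouter()
    web = ("198.51.100.7", 80)                   # constructed remote server
    out2 = router.outbound(Packet("10.1.1.2", 5000, *web))   # PC2
    out3 = router.outbound(Packet("10.1.1.3", 5000, *web))   # PC3, same port
    reply = router.inbound(Packet(*web, out2.src_ip, out2.src_port))
    probe = router.inbound(Packet("203.0.113.9", 4444, WAN_IP, 445))
    return out2, out3, reply, probe

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last result is None: a packet arriving from outside with no matching table entry has nowhere to go, which is the "reasonably hidden" effect described earlier in the thread, and it disappears as soon as a port forward or a misconfigured rule creates a mapping.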

Mustang64
04-06-2004, 11:19 PM
Network security can be easy if you have an OLD computer box to dedicate to the firewall. Download and install SmoothWall - http://www.smoothwall.org/ - for an outstanding firewall that can be used on almost any network.

Try it - You'll like it!!! :wink:

sn0wflake
04-19-2004, 03:26 PM
Thank you all :) You all provide excellent help and ideas. If I can find some time in my schedule I'll probably post some of my results here. I have all the hardware needed and the mandu approach seems interesting for a geek like me ;)